mirror of
https://github.com/gchq/CyberChef.git
synced 2024-11-16 08:58:30 +01:00
Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
bcafaebf77
5 changed files with 179 additions and 18 deletions
2
package-lock.json
generated
2
package-lock.json
generated
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cyberchef",
|
||||
"version": "9.11.7",
|
||||
"version": "9.11.10",
|
||||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "cyberchef",
|
||||
"version": "9.11.7",
|
||||
"version": "9.11.10",
|
||||
"description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
|
||||
"author": "n1474335 <n1474335@gmail.com>",
|
||||
"homepage": "https://gchq.github.io/CyberChef",
|
||||
|
|
|
@ -20,7 +20,7 @@ export const ALPHABET_OPTIONS = [
|
|||
},
|
||||
{
|
||||
name: "IPv6",
|
||||
value: "0-9A-Za-z!#$%&()*+\\-;<=>?@^_`{|~}",
|
||||
value: "0-9A-Za-z!#$%&()*+\\-;<=>?@^_`{|}~",
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
@ -1282,7 +1282,8 @@ export const FILE_SIGNATURES = {
|
|||
extension: "dylib",
|
||||
mime: "application/octet-stream",
|
||||
description: "",
|
||||
signature: {
|
||||
signature: [
|
||||
{
|
||||
0: 0xca,
|
||||
1: 0xfe,
|
||||
2: 0xba,
|
||||
|
@ -1292,7 +1293,19 @@ export const FILE_SIGNATURES = {
|
|||
6: 0x00,
|
||||
7: [0x01, 0x02, 0x03]
|
||||
},
|
||||
extractor: null
|
||||
{
|
||||
0: 0xce,
|
||||
1: 0xfa,
|
||||
2: 0xed,
|
||||
3: 0xfe,
|
||||
4: 0x07,
|
||||
5: 0x00,
|
||||
6: 0x00,
|
||||
7: 0x00,
|
||||
8: [0x01, 0x02, 0x03]
|
||||
}
|
||||
],
|
||||
extractor: extractMACHO
|
||||
},
|
||||
{
|
||||
name: "MacOS Mach-O 64-bit object",
|
||||
|
@ -1305,7 +1318,7 @@ export const FILE_SIGNATURES = {
|
|||
2: 0xed,
|
||||
3: 0xfe
|
||||
},
|
||||
extractor: null
|
||||
extractor: extractMACHO
|
||||
},
|
||||
{
|
||||
name: "Adobe Flash",
|
||||
|
@ -1404,7 +1417,7 @@ export const FILE_SIGNATURES = {
|
|||
260: 0x61,
|
||||
261: 0x72
|
||||
},
|
||||
extractor: null
|
||||
extractor: extractTAR
|
||||
},
|
||||
{
|
||||
name: "Roshal Archive",
|
||||
|
@ -2720,6 +2733,154 @@ export function extractZIP(bytes, offset) {
|
|||
}
|
||||
|
||||
|
||||
/**
|
||||
* MACHO extractor
|
||||
*
|
||||
* @param {Uint8Array} bytes
|
||||
* @param {number} offset
|
||||
* @returns {Uint8Array}
|
||||
*/
|
||||
export function extractMACHO(bytes, offset) {
|
||||
|
||||
// Magic bytes.
|
||||
const MHCIGAM64 = "207250237254";
|
||||
const MHMAGIC64 = "254237250207";
|
||||
const MHCIGAM = "206250237254";
|
||||
|
||||
|
||||
/**
|
||||
* Checks to see if the file is 64-bit.
|
||||
*
|
||||
* @param {string} magic
|
||||
* @returns {bool}
|
||||
*/
|
||||
function isMagic64(magic) {
|
||||
return magic === MHCIGAM64 || magic === MHMAGIC64;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Checks the endianness of the file.
|
||||
*
|
||||
* @param {string} magic
|
||||
* @returns {bool}
|
||||
*/
|
||||
function shouldSwapBytes(magic) {
|
||||
return magic === MHCIGAM || magic === MHCIGAM64;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Jumps through segment information and calculates the sum of the segement sizes.
|
||||
*
|
||||
* @param {Stream} stream
|
||||
* @param {number} offset
|
||||
* @param {string} isSwap
|
||||
* @param {number} ncmds
|
||||
* @returns {number}
|
||||
*/
|
||||
function dumpSegmentCommands(stream, offset, isSwap, ncmds) {
|
||||
let total = 0;
|
||||
const LCSEGEMENT64 = 0x19;
|
||||
const LCSEGEMENT = 0x1;
|
||||
|
||||
for (let i = 0; i < ncmds; i++) {
|
||||
|
||||
// Move to start of segment.
|
||||
stream.moveTo(offset);
|
||||
const cmd = stream.readInt(4, isSwap);
|
||||
if (cmd === LCSEGEMENT64) {
|
||||
|
||||
// Move to size of segment field.
|
||||
stream.moveTo(offset + 48);
|
||||
|
||||
// Extract size of segement.
|
||||
total += stream.readInt(8, isSwap);
|
||||
stream.moveTo(offset + 4);
|
||||
|
||||
// Move to offset of next segment.
|
||||
offset += stream.readInt(4, isSwap);
|
||||
} else if (cmd === LCSEGEMENT) {
|
||||
stream.moveTo(offset + 36);
|
||||
|
||||
// Extract size of segement.
|
||||
total += stream.readInt(4, isSwap);
|
||||
stream.moveTo(offset + 4);
|
||||
offset += stream.readInt(4, isSwap);
|
||||
}
|
||||
}
|
||||
return total;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Reads the number of command segments.
|
||||
*
|
||||
* @param {Stream} stream
|
||||
* @param {bool} is64
|
||||
* @param {string} isSwap
|
||||
* @returns {number}
|
||||
*/
|
||||
function dumpMachHeader(stream, is64, isSwap) {
|
||||
let loadCommandsOffset = 28;
|
||||
if (is64)
|
||||
loadCommandsOffset += 4;
|
||||
|
||||
// Move to number of commands field.
|
||||
stream.moveTo(16);
|
||||
const ncmds = stream.readInt(4, isSwap);
|
||||
return dumpSegmentCommands(stream, loadCommandsOffset, isSwap, ncmds);
|
||||
}
|
||||
|
||||
|
||||
const stream = new Stream(bytes.slice(offset));
|
||||
const magic = stream.getBytes(4).join("");
|
||||
|
||||
// Move to the end of the final segment.
|
||||
stream.moveTo(dumpMachHeader(stream, isMagic64(magic), shouldSwapBytes(magic) ? "le" : "be"));
|
||||
return stream.carve();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* TAR extractor.
|
||||
*
|
||||
* @param {Uint8Array} bytes
|
||||
* @param {number} offset
|
||||
* @returns {Uint8Array}
|
||||
*/
|
||||
export function extractTAR(bytes, offset) {
|
||||
const stream = new Stream(bytes.slice(offset));
|
||||
while (stream.hasMore()) {
|
||||
|
||||
// Move to ustar identifier.
|
||||
stream.moveForwardsBy(0x101);
|
||||
if (stream.getBytes(5).join("") !== [0x75, 0x73, 0x74, 0x61, 0x72].join("")) {
|
||||
// Reverse back to the end of the last section.
|
||||
stream.moveBackwardsBy(0x106);
|
||||
break;
|
||||
}
|
||||
|
||||
// Move back to file size field.
|
||||
stream.moveBackwardsBy(0x8a);
|
||||
let fsize = 0;
|
||||
|
||||
// Read file size field.
|
||||
stream.getBytes(11).forEach((element, index) => {
|
||||
fsize += (element - 48).toString();
|
||||
});
|
||||
|
||||
// Round number up from octet to nearest 512.
|
||||
fsize = (Math.ceil(parseInt(fsize, 8) / 512) * 512);
|
||||
|
||||
// Move forwards to the end of that file.
|
||||
stream.moveForwardsBy(fsize + 0x179);
|
||||
}
|
||||
stream.consumeWhile(0x00);
|
||||
return stream.carve();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* PNG extractor.
|
||||
*
|
||||
|
|
|
@ -63,9 +63,9 @@ class DNSOverHTTPS extends Operation {
|
|||
value: false
|
||||
},
|
||||
{
|
||||
name: "Validate DNSSEC",
|
||||
name: "Disable DNSSEC validation",
|
||||
type: "boolean",
|
||||
value: true
|
||||
value: false
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue